Lustre discuss - Aug 2008 - Log file opens/reads/etc?

Is there is a tool that shows what files are being accessed? Sort of
like inotify, but not inotify? I''d like to compile file access
statistics to try and balance the most accessed files across the OST''s
better.

Thanks for any tips,
Dale

On Aug 09, 2008  05:06 -0700, daledude wrote:
> Is there is a tool that shows what files are being accessed? Sort of
> like inotify, but not inotify? I''d like to compile file access
> statistics to try and balance the most accessed files across the
OST''s
> better.
There is a feature being worked on for Lustre 2.0 called "Changelogs"
that will allow recording all files that are modified.

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.

Hi Andreas,

Will this be compliant with Trusted Computing standards? i.e. will it be
possible to use this information for auditing purposes?

thanks,
Klaus

On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at sun.com>did
etch on stone
tablets:
> On Aug 09, 2008  05:06 -0700, daledude wrote:
>> Is there is a tool that shows what files are being accessed? Sort of
>> like inotify, but not inotify? I''d like to compile file access
>> statistics to try and balance the most accessed files across the
OST''s
>> better.
> 
> There is a feature being worked on for Lustre 2.0 called
"Changelogs"
> that will allow recording all files that are modified.
> 
> Cheers, Andreas
> --
> Andreas Dilger
> Sr. Staff Engineer, Lustre Group
> Sun Microsystems of Canada, Inc.
> 
> _______________________________________________
> Lustre-discuss mailing list
> Lustre-discuss at lists.lustre.org
> http://lists.lustre.org/mailman/listinfo/lustre-discuss

On Aug 18, 2008  12:53 -0700, Klaus Steden wrote:
> Will this be compliant with Trusted Computing standards? i.e. will it be
> possible to use this information for auditing purposes?
I don''t know enough about that to make a useful answer, sorry.
> On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
> tablets:
> 
> > On Aug 09, 2008  05:06 -0700, daledude wrote:
> >> Is there is a tool that shows what files are being accessed? Sort
of
> >> like inotify, but not inotify? I''d like to compile file
access
> >> statistics to try and balance the most accessed files across the
OST''s
> >> better.
> > 
> > There is a feature being worked on for Lustre 2.0 called
"Changelogs"
> > that will allow recording all files that are modified.
> > 
> > Cheers, Andreas
> > --
> > Andreas Dilger
> > Sr. Staff Engineer, Lustre Group
> > Sun Microsystems of Canada, Inc.
> > 
> > _______________________________________________
> > Lustre-discuss mailing list
> > Lustre-discuss at lists.lustre.org
> > http://lists.lustre.org/mailman/listinfo/lustre-discuss
Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.

Hi Andreas,

Hrm. Who should I contact to find out more, then?

thanks,
Klaus

On 8/18/08 4:44 PM, "Andreas Dilger" <adilger at sun.com>did
etch on stone
tablets:
> On Aug 18, 2008  12:53 -0700, Klaus Steden wrote:
>> Will this be compliant with Trusted Computing standards? i.e. will it
be
>> possible to use this information for auditing purposes?
> 
> I don''t know enough about that to make a useful answer, sorry.
> 
>> On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
>> tablets:
>> 
>>> On Aug 09, 2008  05:06 -0700, daledude wrote:
>>>> Is there is a tool that shows what files are being accessed?
Sort of
>>>> like inotify, but not inotify? I''d like to compile
file access
>>>> statistics to try and balance the most accessed files across
the OST''s
>>>> better.
>>> 
>>> There is a feature being worked on for Lustre 2.0 called
"Changelogs"
>>> that will allow recording all files that are modified.
>>> 
>>> Cheers, Andreas
>>> --
>>> Andreas Dilger
>>> Sr. Staff Engineer, Lustre Group
>>> Sun Microsystems of Canada, Inc.
>>> 
>>> _______________________________________________
>>> Lustre-discuss mailing list
>>> Lustre-discuss at lists.lustre.org
>>> http://lists.lustre.org/mailman/listinfo/lustre-discuss
> 
> Cheers, Andreas
> --
> Andreas Dilger
> Sr. Staff Engineer, Lustre Group
> Sun Microsystems of Canada, Inc.
>

On Aug 18, 2008  17:18 -0700, Klaus Steden wrote:
> Hrm. Who should I contact to find out more, then?
Nathan is working on the Changelog code, but I think the main issue
is that neither of us know what "compliant with Trusted Computing
standards"
really means.
> On 8/18/08 4:44 PM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
> tablets:
> 
> > On Aug 18, 2008  12:53 -0700, Klaus Steden wrote:
> >> Will this be compliant with Trusted Computing standards? i.e. will
it be
> >> possible to use this information for auditing purposes?
> > 
> > I don''t know enough about that to make a useful answer,
sorry.
> > 
> >> On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
> >> tablets:
> >> 
> >>> On Aug 09, 2008  05:06 -0700, daledude wrote:
> >>>> Is there is a tool that shows what files are being
accessed? Sort of
> >>>> like inotify, but not inotify? I''d like to
compile file access
> >>>> statistics to try and balance the most accessed files
across the OST''s
> >>>> better.
> >>> 
> >>> There is a feature being worked on for Lustre 2.0 called
"Changelogs"
> >>> that will allow recording all files that are modified.
> >>> 
> >>> Cheers, Andreas
> >>> --
> >>> Andreas Dilger
> >>> Sr. Staff Engineer, Lustre Group
> >>> Sun Microsystems of Canada, Inc.
> >>> 
> >>> _______________________________________________
> >>> Lustre-discuss mailing list
> >>> Lustre-discuss at lists.lustre.org
> >>> http://lists.lustre.org/mailman/listinfo/lustre-discuss
> > 
> > Cheers, Andreas
> > --
> > Andreas Dilger
> > Sr. Staff Engineer, Lustre Group
> > Sun Microsystems of Canada, Inc.
> > 
Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.

Hello Andreas,

My apologies for not explaining myself. :-)

The trusted computing standards I''m talking about (there are a few,
some
good, some not so much) are effectively based on US Department of Defense C2
(aka Orange Book) security standards:

http://en.wikipedia.org/wiki/TCSEC

The best audit trail implementations I''ve seen are based on
Sun''s BSM,
adopted and implemented by both FreeBSD and Apple in their auditing code.

http://docs.sun.com/app/docs/doc/806-1789

http://www.apple.com/support/security/commoncriteria/

http://www.freebsd.org/doc/en/books/handbook/audit.html

BSM-based auditing systems define classes of system calls, users, and groups
of users that are of interest -- file create, file read, login, socket
opens, people in the ''wheel'' group, etc. -- and record a
realtime log of
events as they occur within the kernel. This information is stored in a
packed binary format, and can be exploded into ASCII for parsing and
analysis using built-in tools, allowing you to establish a complete audit
trail of the operations of interest.

How Lustre would implement this I''m not sure, since it''s
object-based and
BSM auditing records file names ... but the idea is important, especially in
digital media where auditability keeps lawyers from the MPAA and the big
studios at bay.

cheers,
Klaus

On 8/18/08 9:13 PM, "Andreas Dilger" <adilger at sun.com>did
etch on stone
tablets:
> On Aug 18, 2008  17:18 -0700, Klaus Steden wrote:
>> Hrm. Who should I contact to find out more, then?
> 
> Nathan is working on the Changelog code, but I think the main issue
> is that neither of us know what "compliant with Trusted Computing
standards"
> really means.
> 
>> On 8/18/08 4:44 PM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
>> tablets:
>> 
>>> On Aug 18, 2008  12:53 -0700, Klaus Steden wrote:
>>>> Will this be compliant with Trusted Computing standards? i.e.
will it be
>>>> possible to use this information for auditing purposes?
>>> 
>>> I don''t know enough about that to make a useful answer,
sorry.
>>> 
>>>> On 8/18/08 3:43 AM, "Andreas Dilger" <adilger at
sun.com>did etch on stone
>>>> tablets:
>>>> 
>>>>> On Aug 09, 2008  05:06 -0700, daledude wrote:
>>>>>> Is there is a tool that shows what files are being
accessed? Sort of
>>>>>> like inotify, but not inotify? I''d like to
compile file access
>>>>>> statistics to try and balance the most accessed files
across the OST''s
>>>>>> better.
>>>>> 
>>>>> There is a feature being worked on for Lustre 2.0 called
"Changelogs"
>>>>> that will allow recording all files that are modified.
>>>>> 
>>>>> Cheers, Andreas
>>>>> --
>>>>> Andreas Dilger
>>>>> Sr. Staff Engineer, Lustre Group
>>>>> Sun Microsystems of Canada, Inc.
>>>>> 
>>>>> _______________________________________________
>>>>> Lustre-discuss mailing list
>>>>> Lustre-discuss at lists.lustre.org
>>>>> http://lists.lustre.org/mailman/listinfo/lustre-discuss
>>> 
>>> Cheers, Andreas
>>> --
>>> Andreas Dilger
>>> Sr. Staff Engineer, Lustre Group
>>> Sun Microsystems of Canada, Inc.
>>> 
> 
> Cheers, Andreas
> --
> Andreas Dilger
> Sr. Staff Engineer, Lustre Group
> Sun Microsystems of Canada, Inc.
>

On Aug 18, 6:43?am, Andreas Dilger <adil... at sun.com>
wrote:
> On Aug 09, 2008 ?05:06 -0700, daledude wrote:
>
> > Is there is a tool that shows what files are being accessed? Sort of
> > like inotify, but not inotify? I''d like to compile file
access
> > statistics to try and balance the most accessed files across the
OST''s
> > better.
>
> There is a feature being worked on for Lustre 2.0 called
"Changelogs"
> that will allow recording all files that are modified.
>
> Cheers, Andreas
Is there a "debug" tool/option/log in 1.6.5 that outputs what files
are being opened or read? Im more interested in reads. Im not using
striping so I''d like to find out what files are accessed the most so
they can be copied to less overloaded OST''s.

Even a tool that just works with generic ext that also works with
lustre would be good. I dont even know if I can use inotify with
lustre, but I cant use that anyways as I have about 6 million files
and half that number in directory trees.

Thanks,
Dale

On Aug 20, 2008  13:58 -0700, daledude wrote:
> On Aug 18, 6:43?am, Andreas Dilger <adil... at sun.com> wrote:
> > On Aug 09, 2008 ?05:06 -0700, daledude wrote:
> >
> > > Is there is a tool that shows what files are being accessed? Sort
of
> > > like inotify, but not inotify? I''d like to compile file
access
> > > statistics to try and balance the most accessed files across the
OST''s
> > > better.
> >
> > There is a feature being worked on for Lustre 2.0 called
"Changelogs"
> > that will allow recording all files that are modified.
> 
> Is there a "debug" tool/option/log in 1.6.5 that outputs what
files
> are being opened or read? Im more interested in reads. Im not using
> striping so I''d like to find out what files are accessed the most
so
> they can be copied to less overloaded OST''s.
Not really.  You could add a CDEBUG message in the read code
(ost_brw_read() that prints the object number) so it is logged to the
lustre debug log, and then run "lctl debug_daemon" to continuously
log these messages to disk.  This would of course have some performance
impact.

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.